On Fri, Jun 26, 2020 at 6:15 AM Tomasz Torcz tomek@pipebreaker.pl wrote:
On Fri, Jun 26, 2020 at 10:50:47AM +0100, Stephen Coady wrote:
On Fri, 26 Jun 2020 at 10:34, David Kirwan dkirwan@redhat.com wrote:
Hi all,
If we are moving towards openshift/kubernetes backed services, we should probably be sticking with containers rather than Vagrant. We can use CRC [1] (Code Ready Containers) or minikube [2] for most local dev work.
The only problem with that is not everything runs in containers. For example the new AAA service is backed by FreeIPA and that does not run in a container.
It doesn't? What about https://github.com/freeipa/freeipa-container ?
My understanding is that it is an experimental implementation currently. FreeIPA does not necessarily work very well broken up into containers right now.
Everything will run in a virtual machine given that enough care has been put into creating the VM. I don't think the same can be said for containers.
I think in todays world we should develop for containers first. Especially when k8s abstracts many things and provides useful infrastructure for application. A bit like systemd a decade ago, by providing useful APIs like socket-activation, watchdog, restarts, parallel invocations locks, applications do not have to care about re-implementing boring stuff over and over again.
The difference is that it's actually a huge pain for people to run containers on Kubernetes. All these things you described can be done with systemd units in regular RPMs. In fact, for the AAA solution, I *already* did that so that we can reuse it for the Fedora and openSUSE deployments[1].
While I think it'd be valuable to figure out the container workflow for apps deployed in containers, let's not forget all that stuff in our infrastructure requires OpenShift, and I don't know about most of you, but I'm fresh out of OpenShift at home to be able to do this sort of thing.
I have made something really simple that kind of works for OKD 3.x[2], but no such equivalent exists for OKD 4.x, so that's been out of reach for me for a while. Plain Kubernetes literally does not work. Aside from plain Kubernetes being a pain to actually get working enough to run applications, we actually use OpenShift features that do not exist in Kubernetes.
So I would caution all of this by stating that at least for me as an external no-name plain contributor, I'm more or less locked out of contributing to apps that are deployed exclusively through OpenShift.
[1]: https://copr.fedorainfracloud.org/coprs/ngompa/fedora-aaa/ [2]: https://pagure.io/openshift-allinone-deployment-configuration